How To Set Up SSH Public and Private Key in Linux

SSH, also known as a “Secure Shell Protocol,” is a protocol used to access a remote Linux system securely over an unsecured network via the command-line interface. SSH allows users to run commands on remote Linux servers, install and remove software packages, and manage everything via command line from a single place.

If you are a Linux system administrator and managing multiple servers via SSH, then you may need to provide a root password each time when you connect to the remote server. Remembering passwords for thousands of servers is very difficult for an administrator. In this case, you can use an SSH public and private key pair to connect remote servers without entering a password.

In this post, we will show you how to create a public and private key and set up a Linux server for passwordless login.

Create a Public and Private SSH Key Pair

First, you will need to create a public and private key in your local Linux machine. You can use the ssh-keygen command to generate an RSA key pair.

ssh-keygen -t rsa

You will be asked to define the path to save the key files:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/vyom/.ssh/id_rsa): 

Just press the Enter key to save the key files in the default location. You will be asked to set a passphrase:

Enter passphrase (empty for no passphrase): 

Just press the Enter key to leave it empty. Once the key files are generated, you will get the following output:

Your identification has been saved in /home/vyom/.ssh/id_rsa.
Your public key has been saved in /home/vyom/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Osc1pEf3PGhYBuDiofx7GG6qbjo1+6Z4rxdcTxdeYsg vyom@vyompc
The key's randomart image is:
+---[RSA 2048]----+
|       ..o.      |
|       .E +..    |
|      o .oo++    |
|   . o.o.+o= +   |
|   .o..oS.= o +  |
|  o o..o.o o   . |
| . o o+oo        |
|..+ o ++.        |
|o*=O+o..         |
+----[SHA256]-----+

You can now list both public and private key files using the following command:

ls -l .ssh/

You will get both files in the following output:

-rw------- 1 vyom vyom 1679 Apr 13 10:16 id_rsa
-rw-r--r-- 1 vyom vyom  393 Apr 13 10:16 id_rsa.pub
-rw-r--r-- 1 vyom vyom 8212 Apr 13 09:36 known_hosts

Also Read

How to Setup Password-less SSH on Linux

Copy SSH Public Key to the Remote Server

Next, you will need to copy the public key (id_rsa.pub) file to the remote server that you want to manage from your local machine.

You can run the ssh-copy-id command to copy the public key to the remote server:

ssh-copy-id root@remote-server-ip

You will be asked to provide the password of the remote server to copy the public key to the remote server:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Also Read

How to Secure SSH Service with Port Knocking

Connect to Remote Server Without Password

At this point, the public key is copied to the remote server. You are now able to connect to the remote server without providing a password.

ssh root@your-server-ip

Once you are logged in to the remote server, you will get the following output:

Activate the web console with: systemctl enable --now cockpit.socket

Last failed login: Wed Apr 13 04:39:07 UTC 2022 from 92.255.85.135 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Wed Apr 13 04:06:28 2022 from 27.61.243.122

[root@linux ~]# 

Conclusion

In this post, we explained how to create the public and private keys, copied the public key to a remote server, and accessed the remote Linux server without a password. Hopefully, this will save you a lot of time while managing multiple remote servers. Try it on VPS hosting from Atlantic.Net!